@cosmir17 (Contributor) commented Sep 23, 2025

Summary

Implements @gilescope's suggestion from PR #25 to add actionlint as an alternative to the lost scorecard/SCS functionality.

Context

In PR #25, we identified that the fork-friendly Checkmarx solution doesn't include scorecard/SCS results. Rather than trying to restore scorecard (which would require additional tokens that fork PRs don't have), Giles suggested adding actionlint for workflow validation.

What this PR adds

A new actionlint composite action that:

  • Downloads and runs actionlint to validate GitHub Actions workflows
  • Integrates shellcheck for shell script validation
  • Integrates pyflakes for Python script validation
  • Creates GitHub annotations for discovered issues
  • Works with fork PRs (no special tokens required)

Usage

- name: Validate workflows
  uses: midnightntwrk/upload-sarif-github-action/actionlint@main
  with:
    fail-on-error: 'true'
    shellcheck: 'true'
    pyflakes: 'true'

Testing

  • Tested locally with actionlint v1.7.7
  • Verified it correctly detects:
    • Outdated action versions (e.g., actions/checkout@v2)
    • Shell script errors via shellcheck integration
    • Workflow syntax issues
  • Confirmed error output format matches expected pattern for GitHub annotations
  • Included comprehensive README with examples

Related

/cc @gilescope @mattibl

Per Giles' suggestion in PR #25, adding actionlint as a lightweight
alternative to scorecard/SCS validation that works with fork PRs.

- Downloads and runs actionlint for workflow validation
- Integrates shellcheck and pyflakes for script validation
- Creates GitHub annotations for discovered issues
- No special tokens required (fork-friendly)
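As an added example (not code from this PR's composite action), the following POSIX shell function shows the conversion the description refers to: it reads actionlint output in the `-oneline` style (`file:line:col: message [rule]`), emits one GitHub `::error` annotation per finding, and returns non-zero when any finding was seen, which is what a `fail-on-error: 'true'` input would key on. The sample lines in the test are constructed; the snippet lines actionlint prints without `-oneline` are skipped.

```shell
#!/bin/sh
# Added example, not the PR's own composite action code.
# Reads actionlint output on stdin, writes one GitHub annotation workflow
# command per finding, and returns 1 if any finding was seen (0 otherwise).
annotate_actionlint() {
  _count=0
  while IFS= read -r _line; do
    [ -n "$_line" ] || continue
    # Split "file:line:col: message" on the first three colons.
    _file=${_line%%:*}; _rest=${_line#*:}
    _ln=${_rest%%:*};   _rest=${_rest#*:}
    _col=${_rest%%:*};  _msg=${_rest#*: }
    # Skip source-snippet lines (no numeric line/column after the file name).
    case "$_ln" in ''|*[!0-9]*) continue ;; esac
    case "$_col" in ''|*[!0-9]*) continue ;; esac
    # actionlint appends the rule name in brackets; use it as the annotation title.
    case $_msg in
      *" ["*"]") _rule=${_msg##*\[}; _rule=${_rule%\]}; _msg=${_msg% \[*\]} ;;
      *) _rule=actionlint ;;
    esac
    # Percent-encode '%' so it cannot be misread by the workflow-command parser.
    _msg=$(printf '%s' "$_msg" | sed 's/%/%25/g')
    printf '::error file=%s,line=%s,col=%s,title=%s::%s\n' \
      "$_file" "$_ln" "$_col" "$_rule" "$_msg"
    _count=$((_count + 1))
  done
  [ "$_count" -eq 0 ]
}
```

In a step this would be wired as `actionlint -oneline | annotate_actionlint`, with the exit status deciding whether the job fails.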
@cosmir17 cosmir17 self-assigned this Sep 23, 2025
@cosmir17 cosmir17 requested a review from a team as a code owner September 23, 2025 21:47
@github-actions commented

Checkmarx One – Scan Summary & Details 1002a42b-dca1-422a-8de8-0ad5d4c8cc6b

Great job! No new security vulnerabilities introduced in this pull request

@gilescope (Contributor) left a comment

There's already an actionlint action - is it possible we could call out to that? https://github.com/marketplace/actions/actionlint

@cosmir17 (Contributor, Author)

@gilescope Thanks for pointing that out! You're right - we should just use the existing marketplace action.

I'll close this PR and instead add raven-actions/actionlint@v2 directly to the midnight-indexer and midnight-node workflows. That's a better approach than maintaining our own wrapper.

Will create PRs for both repos to add actionlint validation to their CI pipelines.
